This course offers customers an introduction to SolarWinds Backup, focusing on configuring the backup technology, taking backups, data restoration and data security. It is a great primer and will get you up to speed quickly on SolarWinds Backup. Register for class.

Overview

These instructions walk you through the process of installing and configuring Serv-U Gateway on Windows.

Environment

Serv-U 12.x and later

Steps

Prerequisites

Before proceeding with your installation, please ensure all of the following items are in place.

Existing Serv-U Server and Connectivity. You must have already installed Serv-U on a server that can make connections to Serv-U Gateway. These connections may be (and probably will) be through a firewall and can be restricted to a single TCP port (1180 by default), but you must have this connectivity in place before you can complete your installation.

At Least One Serv-U Domain You must have at least one domain configured on Serv-U, and that domain should have at least one configured and active listener and at least one configured user.

Current Version of Serv-U Serv-U must be at least version 12, and must be running the same major edition of software (e.g., "v12") as your Gateway.

Separate Machine for Serv-U Gateway You must have a second machine (may be a virtual machine) on which you can install Serv-U Gateway.

Install the Software

Run "Serv-U-Gateway-Setup.exe" on your Serv-U Gateway machine (not your Serv-U machine) and click through the prompts.

Open your Control Panel and verify that "Serv-U Gateway" has been installed as a service and that the service has been started.

Add Gateway Entries

Almost all Serv-U Gateway configuration is performed through the Serv-U Management Console. Serv-U Gateway does not have its own management console.

Only perform this step if you are testing Serv-U Gateway on a machine without a public IP address.

To force your Serv-U Gateway to listen on a private address:

Open the Serv-U Management Console and navigate to Server Details | Gateway.

Click the "Add" button to create a new Gateway entry.

Gateway Address: the IP address of your Serv-U Gateway machine. (If this machine has multiple addresses, pick the internal address that Serv-U will use to connect to the Gateway, not an external address that end users would access from the Internet. e.g., use "10.3.4.4", not "67.52.42.106")

Port: 1180 (Leave alone for now.)

Public IP Address: (You may narrow this to only one binding later, but leave blank for now.)

Enable Gateway: CHECKED (You may toggle this setting later, but leave this on for now.)

Description: (Leave blank or put anything you want in here.)

After you click Save, the new Gateway should immediately show up in the list. Pay attention to the color of the icon.

Great! Go to the next step.

Serv-U is checking on the Gateway's status. Another status will appear in a few seconds.

The Gateway is working but you are running dangerously close to the end of your trial or updates/support period. You should plan to buy or renew soon, but you may also move on to the next step for now.

Something is wrong. Select the Gateway entry and then select "Properties" to find out why you cannot connect to your new Gateway. If you "fix" something (e.g., open a firewall port, start a stopped Serv-U Gateway service) it will normally take a few seconds for Serv-U to realize that a change has been made. To speed up the process, select your Gateway entry, Edit it, and immediately Save your Gateway settings again.

Apply a license, if you have it. To do this, select the Gateway entry and then select "Properties" to open the "Properties" dialog. Copy your Serv-U Gateway Registration ID (not a Serv-U Registration ID) into the box and click "Save".

If you are testing on a private network, declare one of your Gateway's internal IP addresses as the IP address that will receive incoming connections:

Select your Gateway and click "Edit"

Type the private address that will receive incoming connections into the "Public IP Address" box.

Save and make sure the address you just typed shows up in your Gateway list.

Add Listener Entries

You must add Listener entries to each domain that will use your new Gateway.

Go into one of your Serv-U domains and open "Domain Details | Listeners".

Before you add any Gateway Listeners, use an FTP client or web browser to sign on to one of your existing Listeners.

The reason you want to do this now is to make sure that the user you will use to test your Gateway has been enabled, has access to the right materials, hasn't been locked out, etc. Make sure you test against one of the IP addresses on your existing Serv-U server, not the Serv-U Gateway.

Click the "Add" button to create a new Listener entry.

Type: Select the same type as the local Listener you just tested. (Again, this ensures that server configuration is not the issue if you encounter problems during testing.)

IP address: Select an IP address on your Serv-U Gateway. Use an external or "Internet-facing" address if possible. (Use an internal address on the Serv-U Gateway only if you cannot test from "outside the firewall".)

Port: Use the same port as the Listener you just tested. (Exceptions: Use a port other than "22" if you are testing SFTP on a Gateway deployed on Linux. Also use a different port if you are testing Gateway on the same machine as Serv-U.)

Enable listener: CHECKED

PASV IP Address (FTP/S only): Leave blank for now. (You may need to adjust this later, but work on basic connectivity first.)

After you click "Save", the new Listener should immediately show up in the list. Pay attention to the icon.

Great! Go to the next step.

There is a problem with the Listener. This could be due to a port conflict, due to a loss of connectivity with the Gateway or several other reasons. Check your Domain Log, then your System Log for more information.

GATEWAY on 192.168.5.63 port 1180 is running as a TRIAL normally. IP(s):

GATEWAY ERROR: GATEWAY on 192.168.56.1 port 1180 was NOT FOUND.

These are both BAD entries. The first entry shows a connected Gateway, but this Gateway will not be able to listen for any inbound connections because the "IP(s)" entry is blank. The second entry shows a configured Gateway that cannot be reached. If you see either of these entries, STOP and check the work you did in the "Add Gateway Entry" section.

Look for entries like this:

GATEWAY on 192.168.5.63 port 1180 is running as a TRIAL normally. IP(s): 67.52.42.106

These are both GOOD entries. The first entry shows a connected Gateway that is ready to receive inbound connections on a particular IP address. The second entry shows that a SFTP Listener configured to listen on port 2225 is now ready to receive inbound connections. If you see entries like this, your Gateway and its Listeners are fine. Please proceed to the next section.

Test External Connectivity

Before you deploy to production (or perform a demonstration for management) you should perform an end-to-end connectivity test.

Also repeat these steps if you want to add additional IP addresses to your Gateway. (Gateway Listeners cannot currently bind to multiple IP addresses.)

Test your first Gateway Listener.

Use the same client and same username you used to test your local Listener. Connect to the "Public IP Address" of your Gateway using the appropriate protocol and port for your first Gateway Listener.

Flip back to the Serv-U Management Console and open "Domain Activity | Domain Log" to examine your connection.

These are all GOOD entries. The first entry shows that an inbound connection came in to an SFTP Listener on the Gateway. The second and third show that my Serv-U server (on 192.168.5.71) has bound a session to the incoming session from the Gateway.

If all is well, go to the next step. Otherwise, double-check you are really connecting to Serv-U Gateway or use the troubleshooting section below.

Set up and test the rest of your Gateway Listeners by repeating the steps above.

Software Update

Every update arrives as a complete installation package. Simply run a newer installation package to update your Serv-U Gateway software.

No backup is necessary on your Serv-U Gateway machine because no configuration is held there.

Unattended Updates

To perform an unattended ("silent") update, use the "-silent" parameter when you invoke "Serv-U-Gateway-Setup.exe" from the command line. Remember to run updates as a local administrator.

Troubleshooting

Follow this procedure to find the source of a connection error reported in Serv-U's Gateway tab.

Check that Serv-U Gateway Windows Service is running.

Check that Serv-U Gateway is listening on TCP port 1180 and is bound to the expected IP address(es).

Check that local firewalls permit TCP access over port 1180 from Serv-U to Serv-U Gateway.

If you do not see your Serv-U Gateway IP address listed in a new Listener's IP Address drop-down.

Ensure Serv-U is connecting to Serv-U Gateway OK. (E.g., a green icon in the Gateway list.)

Make sure EITHER:

Your Serv-U Gateway machine has at least one public IP address

You performed step #5 in the "Add Gateway Entries" section (because the Serv-U Gateway machine only has private IP addresses)

Helpful Commands

The name of the Windows Service is "Serv-U Gateway". Try:

net stop "Serv-U Gateway"

net start "Serv-U Gateway"

The default port Serv-U Gateway listens on is TCP 1180. Try:

netstat -an | findstr 1180

The Gateway writes a limited bootstrap log here:

C:\ProgramData\RhinoSoft\Serv-U Gateway\Serv-U-Gateway.txt

Additional Assistance

See Planning Your Serv-U Gateway Deployment for a project template that allows you to select the right Serv-U architecture and coordinate with related IT teams to deploy Serv-U Gateway into production.